what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2007-11-13

Posted Nov 13, 2007
Site ux.uis.no

Call For Papers for the 5th International Conference on Autonomic and Trusted Computing to be held in Oslo, Norway from June 23 through June 25, 2008.

tags | paper, conference
SHA-256 | b04db4e4a096be5d2e0ff8b3867568bc305ec8561e582059427777c57d172911
Posted Nov 13, 2007
Authored by Jesus Olmos Gonzalez

VTLS Inc.'s vtls.web.gateway CGI is susceptible to a cross site scripting vulnerability. Versions up to 48.1.0 are affected.

tags | exploit, web, cgi, xss
SHA-256 | 8dd7b975689fca20a6db74f32829fae10d09f886aa6152e808a33d4e79c5e9bf
ProCheckUp Security Advisory 2007.13
Posted Nov 13, 2007
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

A cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.

tags | advisory, xss
SHA-256 | 51540fba61ee07c114e319066190f0cda6e0b78c22a023ed48a9ce08149e0dd6
Mandriva Linux Security Advisory 2007.204
Posted Nov 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when 'cups-config --libs' was invoked. This update corrects the cups-config behaviour.

tags | advisory, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2007-4351
SHA-256 | e63a5975b26008d3f2d655865c92025b4b909a23c8c3453d086e36cbadb70d04
Gentoo Linux Security Advisory 200711-16
Posted Nov 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-16 - Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow to overwrite one byte on the stack. Versions less than 1.2.12-r2 are affected.

tags | advisory, protocol
systems | linux, gentoo
advisories | CVE-2007-4351
SHA-256 | becabfb339309fe0b78942a9e923c0ea32dc813e18ceb3f6f1518ab8b53fbe9e
Gentoo Linux Security Advisory 200711-15
Posted Nov 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-15 - Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Versions less than 1.2.1-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4619
SHA-256 | 06abf3fb4c0497db66087add4a3481c52966c43b7afe840d3eae58b17b2eefd0
Gentoo Linux Security Advisory 200711-14
Posted Nov 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than are affected.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 9406d653f481b768d289697671963843abc5749121b2f6c0fbe1ff5ea8d7b3e1
Posted Nov 13, 2007
Authored by L4teral

AutoIndex versions 2.2.2 and below suffer from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 34f083f495c6b073bb0cab0b5c0cf6e6b0fafd60887513a83c781a072a288396
Posted Nov 13, 2007
Authored by ShAy6oOoN

X7 Chat version 2.0.4 is susceptible to cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a0ca12b0a2389ec279ddab91b583c6334056fc19fb37e28affce8a95f4e138a3
Posted Nov 13, 2007
Authored by Angelo Rosiello, rosiello | Site rosiello.org

RFID: Security Briefings. A set of slides from a talk that discusses how RFID works and security menaces related to RFID.

SHA-256 | 07412007c5d562cfc46e5c3f10554ca1402ee1f8f1a9c0675dc2d12fe5752881
HP Security Bulletin 2007-14.85
Posted Nov 13, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to gain extended privileges.

tags | advisory, shell
systems | hpux
advisories | CVE-2007-4752
SHA-256 | 81d835ad497f2eb1a68ba60bc8d9e611155607b707a8ea4a82d3cada3909e855
Posted Nov 13, 2007
Authored by Elazar Broad

The Microsoft Remote Help safrcdlg.dll appears to suffer from a buffer overflow vulnerability.

tags | advisory, remote, overflow
SHA-256 | 71d4938bb6302ee62a8b14c16dcadbe694f250a46f0bc7d9ace59ae272d3c17d
iDEFENSE Security Advisory 2007-11-12.1
Posted Nov 13, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.12.07 - Local exploitation of an invalid array indexing vulnerability in the NPF.SYS device driver of WinPcap allows attackers to execute arbitrary code in kernel context. The problem specifically exists within the bpf_filter_init function. In several places throughout this function, values supplied from a potential attacker are used as array indexes without proper bounds checking. By making IOCTL requests with specially chosen values, attackers are able to corrupt the stack, or pool memory, within the kernel. iDefense has confirmed the existence of this vulnerability in version 4.0.1 of WinPcap as included in Wireshark 0.99.6a. The version of NPF.SYS tested was iDefense suspects older versions to also be vulnerable.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5756
SHA-256 | 510bb102e1e8e6cfc87dc73494eafc248e9211b6b3fe266221765f537a2cf67c
Posted Nov 13, 2007
Authored by Pete Finnigan

Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.

tags | advisory
SHA-256 | 5e1b4edfe37135b33516348ba90362ecdd76608bd6edb343794c43e552bfcfda
Posted Nov 13, 2007
Authored by Hanno Boeck | Site hboeck.de

Broadcast Machine is susceptible a cross site scripting vulnerability in the login form.

tags | exploit, xss
advisories | CVE-2007-3694
SHA-256 | 8241a33bb964ea259feca73c69ede830f25a8e4f545f97d6c5d5c9b1031f89c1
Debian Linux Security Advisory 1405-2
Posted Nov 13, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1405-2 - The zope-cmfplone update in DSA 1405 introduced a regression. This update corrects this flaw.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5741
SHA-256 | ddc8f5f88eaa01e22eab6126f2db39030335bd7cbeb0ff18da4430ea7846a392
Nikto Web Scanner 2.00
Posted Nov 13, 2007
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Version 2 adds many enhancements to reduce false positives, server fingerprinting, scan tuning, HTML report templates, optimizations and more.
tags | web, cgi
systems | unix
SHA-256 | 09a006760a5458748e42112a8b4b99c9ffc58c6842bd99fa22aca545cda43a75
Posted Nov 13, 2007
Authored by CtrlAltCa

This code creates standard dns A queries with a spoofed sender ip address. In particular conditions, this can lead to a denial of service (answers weighs more than queries). Based on snoof.c.

tags | denial of service, spoof
SHA-256 | 4f3cf1a815cd50f51ad172741ec825abc82c283f6dc30dbe24f0d171dbb50cdf
Posted Nov 13, 2007
Authored by Mesut Timur | Site h-labs.org

Eggblog version 3.1.0 is susceptible to cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b0ad0fa2892ffa6c90277931bf860dadba6a06a310f67b381c02a6a0b2ada0d6
Posted Nov 13, 2007
Authored by LT

Basic ASP.NET shell that, once uploaded to a server, can be used to execute shell commands and upload, download, and delete files.

tags | tool, shell, rootkit, asp
systems | unix
SHA-256 | abb3ddc945d147a4ed435b71490764bc4a2860f4ad264052f407357911bd6746
Posted Nov 13, 2007
Authored by PAgVac | Site gnucitizen.org

Pwning the BT Home Hub details have been published. Various cross site scripting and cross site request forgery issues still exist.

tags | advisory, xss, csrf
SHA-256 | ab1677aacfc1c74bee9c7cfe35b991c63e556b2ab40df41d807b2900002f9b3b
Posted Nov 13, 2007
Authored by Guns | Site 0x90.com.ar

PHP-Nuke Module Advertising blind SQL injection exploit.

tags | exploit, php, sql injection
SHA-256 | ce80ab052050c5309dad3a8871ae360a22b4e6bc4171150abc9cd77b0155b178
Posted Nov 13, 2007
Authored by Elazar Broad

An unhandled memory access violation in the OWC11.DataSourceControl in Internet Explorer may cause a denial of service condition.

tags | advisory, denial of service
SHA-256 | 36f5932d4194007c7f52bde0c9a20b93bcae88680da0647d29c698b8be41075b
Posted Nov 13, 2007
Authored by fl0 fl0w | Site fl0-fl0w.docspages.com

PhpSiteManager Beta2 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | bdbe4a0975b0c35925386fd9af5ee9ae760f6a457db5ca5a553558c578e5f161
Posted Nov 13, 2007
Authored by fl0 fl0w | Site fl0-fl0w.docspages.com

Chems version 0.2 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 65fe2ae9522fcac22c5cd110531dfa678cc08c9c4f39e0c27ed1b3a4800f1a90
Page 1 of 2

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By